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Please add the following Abstract. 
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METHOD AND SYSTEM FOR HANDLING TWO CA SYSJiMS 



IN A SAME RECEIVER 



Field of the Invention 



5 



The present invention relates generally to digital audio/video transmission 



systems, and more particularly to a method and system which allows a receiver 
in a digital audio/video transmission system to use multiple conditional access 
identifications. 

10 Background of the Invention 



coding of one or more elementary streams of audio and video as well as other 
data into single or multiple streams suitable for storage and transmission. Two 
forms of coding are recommended: Program Stream (PS) coding and Transport 

15 Stream (TS) coding. In the coding process, Audio-Visual (A/V) streams are first 
compressed and packetized to obtain Packetized Elementary Streams (PES). The 
PS combines one or more streams of PES packets with a common time base into 
a single stream. The TS combines one or more programs with one or more 
independent time bases into a single stream. PS packets may be of variable 

20 length, and TS packets are 188 bytes in length. Each TS packet has a 4-byte 
header with a packet ID (PID) that identifies the type of data contained in the 
packet. In addition to PES packets, a TS contains Program Specific Information 
(PSI) tables to demultiplex and present programs. A Program Map Table (PMT) is 
a table that provides the mappings between the program numbers and the 

25 elements that comprise them. It includes a list of PIDs associated with each 
program. 

The Advanced Television Systems Committee (ATSC) has adopted the 
Simulcrypt architecture for its Conditional Access (CA) system for terrestrial 
broadcast. In this architecture, each service is transmitted with Entitlement 
30 Management Messages (EMMs) and Entitlement Control Messages (ECMs) for a 
number of different proprietary systems. This way, decoders using different CA 
systems can decode the service using a common framework for signaling the 



ISO/IEC 13818-1 is an international standard that specifies the 
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different entitlement messages. Each service is comprised of audio and video 
packets. Any one decoder picks out the packets it needs and ignores the others in 
the stream. 

In a Simulcrypt based CA system, a digital audio/video processing system, 
5 such as a Digital Television (DTV) parses the PMT and extracts the service and ECM 
PIDs using a CA system identification (ID) obtained from the CA module. Normally, 
each CA module supports only one CA system, and therefore has only one CA 
system ID. The PIDs of the AN packets and the PIDs of the ECMs canying the 
Control Words (CWs) are sent to the CA module, which descrambles programs 
10 having proper purchase entitlements. 

U.S. Patent No. 5,420,866 to WasllewskI describes a method for providing 
conditional access information to a plurality of different decoders which is very similar 
to a Simulcrypt system. Wasilewski describes using a CA system identification 
parameter CA_SystemJD to identify the different CA providers, and hence the 
15 different decoders (see col. 12, lines 12-16). 

Additionally, an article entitled "Wunderkiste des digitalen Fernsehens" by 
Daniel Kramer mentions the Simulcrypt technique (Kramer D: "Wunderkiste des 
digitalen Fernsehens", Bull. SEVA/SE, CH, Schweizerischer Elektrotechnischer 
Verein, Zurich, Vol. 88, No. 3, pp.27-30). 



Summary of Invention 

The present invention permits an audio/video processing device to use two CA 
system IDs to parse the PMT, and the CA module to correctly identify the ECM PIDs 
which belong to a particular CA system. It includes a method for an AA/ processing 

25 device, for example a DTV, to enable a security device to access a program by 
correctly identifying the packets for service and entitlement control messages. The 
security device is associated with the AA/ processing device, which in turn is 
associated with a digital transmission system for data associated with a sen/ice. The 
method comprises extracting at least one service and entitlement message control 

SO packet identifier pair from the data and, if only one service and entitlement control 
message packet identifier pair is extracted, identifying the extracted pair; and, if more 
than one service and entitlement control message packet identifier pair Is extracted. 
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automatically selecting one of the extracted pairs according to a predefined 
convention. 

Brief Description of the Figures 
5 Figure 1 illustrates a network adapted to receive content from a broadcasting 

source and provide copy protection using XCA and the NRSS copy protection 
system; 

FlgureJ^ustrates a block diagram of an XCA device employed within the 
system of Figure 1; 
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Figure 3 illustrates a block diagram of a converter card utilized according 
to an aspect of the present invention; and. 

Figure ^J|lustrates a block diagram of a terminal card utilized according to 
an aspect of the present invention. 

5 

Detailed Description of the invention 

Figure 1 illustrates a network 10 that receives content from a 
broadcasting source, i.e. via content source 20, and provides protection with 
XCA and the NRSS copy protection system {described below). The content 

10 source 20 can provide the CA content 22 of economic value, whether from tape, 
DVD, cable, satellite or terrestrial broadcast, for example. The content 22 
typically includes A/V content, which is protected and supplied to subscribers of 
a private CA network. The subscribers who purchase, or are otherwise entitled 
to receive the content 22, are supplied with necessary keys for descrambling the 

15 content 22, According to the embodiment of Figure 1 , the content source 20 
can provide this CA content 22 to an access device 30, recording device 40 or 
presentation device 50. 

Access device 30 can take the form of a set-top box. The set-top box 30 
operates in conjunction with an XCA/NRSS converter card 35 to create XCA 

20 protected content from the CA content 22 which becomes part of the CA/XCA 
content 33. Recording device 40 can take the form of a Digital VHS (DVHS) or 
DVD recorder. The recording device may or may not be provided with a 
converter card 45 analogous to the converter card 35. Presentation device 50 
can take the form of a DTV, and operate in conjunction with an XCA/NRSS 

25 terminal card 55 for descrambling CA/XCA protected content. 

Extended Conditional Access (XCA) is a system for protecting MPEG2 
encoded digital A/V content during transmission and storage while supporting 
established and new models for content distribution and sales. XCA 
accomplishes this task by mapping the basic controls of "playback" and "record" 

30 into viewing control. Under the XCA system, content of economic value is 
always scrambled. I.e., is either under the control and responsibility of the 
distributor or within the confines of the consumers home, e.g. local, network. 
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XCA allows recording of scrambled content, but only legitimate copies may be 
descrambled and viewed. Since non-legitimate content is not descrambled, it 
cannot be viewed. Non-legitimate content is that which is not an original or 
otherwise authorized by the copyright owner, for example. 
5 XCA provides three levels of entitlements. Content that is free to 

distribute in unlimited fashion is "free-copy" content. Examples of this content 
may be broadcast television, infomercials or similar material that is advertised or 
supported. "Copy-once" or local view programming content can be created and 
viewed in a single household or local network regardless of time. However, such 

10 a copy cannot be transported to other local networks. Examples of this type of 
content may be sporting events or premium services. Finally, "never-copy" or 
immediate view programming content allows for only real-time viewing, i.e., 
recorded copies are not viewable. Examples of this type of content may be pay- 
per-view programming or other high-value content. 

15 A distinct characteristic of the XCA architecture is the notion of 

conditional access and local protection. Local protection, or security, is the 
protection of content within the boundaries of a home network, after an access 
device, e.g. 30, receives the scrambled program, e.g. CA content 22. It 
specifies what a presentation device e.g. 50, has access to, and can thus 

20 convert and display protected content. Removable security devices, e.g., 
converter and terminal cards 35, 45, 55, perform security related functions. 
Content of economic value is delivered using a CA service. For example, digital 
satellite systems scramble video content and keys for mass distribution to their 
subscribers. Some subscribers may decide to purchase the content in which 

25 case they are supplied with the necessary keys for descrambling the content and 
viewing. Those subscribers choosing not to purchase the content are not 
provided access to these keys. In XCA, the descrambling keys are rebundled in 
a new ECM, which is protected by a unique local public key. The presentation 
device that receives content with local ECMs (LECMs) therefore needs to handle 

30 not only the content protected by a particular CA system, but by XCA as well. 

Referring now also to Figure 2, a generic XCA Consumer Electronics (CE) 
device 60 suitable for use in system 10 is illustrated therein. Certain types of 
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device 60 have specific functionality. For exannple, the XCA access device 30 
creates XCA protected content for CA/XCA 33, the XCA presentation device 50 
descrannbies XCA protected content, and the XCA recording device 40 stores 
and plays but cannot create or descramble XCA protected content unless it is 
5 provided with the converter card 45. Generally, the generic device 60 includes a 
switching unit 62, input unit 61 and a renewable or embedded security device 
66, e.g. converter card 35 or 45, or terminal card 55. Depending on what type 
of device it is, the device 60 may also include a presentation unit 64, storage 
unit 68, analog output 65, decompressed digital output 67 or compressed digital 
10 output 69. 

The digital input unit 61 generally comprises circuitry and software needed 
to acquire a digital signal, for instance a demodulator. The compressed digital 
output 69 uses circuitry and software to issue an MPEG2 digital signal, for 
instance a modulator. Security device 66 handles CA functions and XCA 

15 functions, and is able to transform the type of the content. It is the only element 
of the model that outputs in digital format a transformed content. As set forth, 
the security device 66 may take the form of the converter card 35 or 45, or 
terminal card 55. The converter cards 35 and 45 support functionality such as 
(i) checking CA entitlements; (ii) control word (CW) recovery; and (iii) content 

20 descrambling. It generates the Triple Data Encryption Standard (TDES) keys, re- 
scrambles the content, and encrypts the LECMs using its public key. The 
terminal card 55 supports functionality, such as checking XCA entitlements. It 
descrambles the content using the CWs of the LECMs, and then re-scrambles the 
content following the requirements of the XCA NRSS interface protection 

25 system. Block diagrams of an exemplary converter card 35 and terminal card 55 
are illustrated in Figures 3 and 4, respectively. The storage unit 68 stores 
content in, and reads content from, non-volatile memory. It does not transform 
the type of the content unless provided with a converter card 45, in which case 
it also acts as an access device. A hard disk is a typical internal storage unit. 

30 Digital Versatile Disc (DVD) players and Digital Video Tape Recorders such as 
DVHSs are typical CE devices with removable storage. The presentation unit 64 
decodes the MPEG2 content, and presents it to the user in an analog or 
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decompressed digital form. It may descramble an NRSS stream using NRSS 
descrambler 64', decode a digital stream using MPEG decoder 64", and perform 
digital to analog conversion using digital to analog converter (DAC) 64"'. The 
final outcome may be a physical signal such as sound or an analog electrical 

5 signal. TV display and analog output of a hi-fi amplifier are typical examples. 
The switching unit 62 routes content within the device 60. Its function is 
limited to routing only; it does not transform the type of the content. 

The XCA system is designed to protect the NRSS interface connecting an 
XCA terminal card 56 to a presentation device 50. NRSS interface protection is 

10 not required in access device 30 as the content is CA/XCA content. 

The procedure for establishing an XCA protected NRSS interface involves: 
authenticating the presentation host device 50; establishing a shared secret key 
that is unique to a particular presentation device 50/terminal card 55 pair; 
creating shared keys for content protection; and scrambling content returning to 

15 the host 50 with Data Encryption Standard (DES) and the shared keys. 

The Local Entitlement Control Message (LECM) may be contained in one or 
more sections which may be variable in length with the syntax of Table 1 . The 
beginning of a section can be indicated by a pointer field in the packet payload. 



7 






Table 1 






Syntax 


No. of Bits 


Mnemonic 


Local_Entitlement)Control_Message{ 






Tablejd 


8 


0x80 or 0x81 


Section_syntaxjndicator 


1 


•r 


Privatejndicator 


1 




Zero 


2 


'00* 


Private_sect!onJength 


12 


Uimsbf 


Table jd_extension(){ 






Reserved 


6 


'000000' 


LECM^type 


2 


'10' 


Protocol_version 


8 


Uimsbf 


} 

Reserved 


2 


'ir 


Version_number 


5 


'00000' 


Current_next_indicator 


1 


•r 


Section_number 


8 


0x00 


Last_section_number 


8 


0x00 


XCAjndentifier 


256 


Uimsbf 


Localsourcejd 


64 


Uimsbf 


Reserved 


5 


Uimsbf 


Copyprotect_enable 


1 


Uimsbf 


XCA_view_flag 


2 


Uimsbf 


Time_code 


32 


Uimsbf 


Source_sequence_number 


32 


Uimsbf 


XCAdescriptor 


424 


Uimsbf 


Padding_bytes 


508 


Uimsbf 


lri+oririt\/ r*hiai^If 
IMLcyiiLy LrllCON 




LJImSuT 


CRC_32 


32 


Rpchof 



where. 
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Table jd"This 8-bit field identifies the Entitlement Control Message that 
this section belongs to. It shal! be set to either 0x80 or 0x81. When at least 
one bit changes in the LECM section, the tablejd shall toggle. 

Section^syntaxjndicator-This 1-bit field shall be set to M', It denotes 
5 that the section follows the generic section syntax beyond section length field. 
Private Jndicator-This 1-bit field shall be set to '1 

Private_sectionJength~This 12-bit field specifies the number of remaining 
bytes in this section, starting immediately following the private_sectionJength 
field, and including the CRC_32. 
10 LECM type-This 2-bit field indicates the type of information carried by the 

LECM. '10' means that it carries a Control Word. 

Protocol version— An 8-bit unsigned integer field whose function is to 
allow, in the future, this table to carry parameters that may be structured 
differently than those defined in the current protocol. At present, only one 
15 protocol is defined. When Protocol_version = 0x00, only a single control word 
pair is used for the entire program, and similarly, the access criteria is defined for 
the entire program {i.e., no stream-level protection allowed). In this case, ail 
streams of the event shall be scrambled with the same control word, and shall 
use the same access criteria. When Protocol_version = > 0.01 , values of 
20 protocol_version greater than 0x00 may only be processed by decoders designed 
to accommodate the later version of the protocol as they become deployed. 

Verston_number-This 5-bit field is reserved and shall have a value of 
'00000*. Future implementation can use this field if necessary. 

Current_nextJndlcator~This 1 -bit indicator is always set to ' r for a 
25 LECM; the LECM sent is always currently applicable. 

Section_number-This 8-bit field contains the number of the private 
section. The section number of the first section in a private table shall be 0x00. 
The section number shall be incremented by 1 with each additional section 
belonging to this private table. 
30 Last_section_number~This 8-bit field specifies the number of the last 

section of the private table of which this section is a part. 

XCAJdentifier-This 256-bit field contains a unique XCA identifier. The 
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identifier has ASCII values of "Copyright: (C) 1999 TMM". Quotation marks are 
not included. Each ASCII character is assigned one byte of storage. Characters 
are left-justified in this field. Unassigned field values are set to 0x00. 

Local_sourceJd-This 64-bit field contains the XCA device ID of the 
security device that generated this LECM. 

Copy_protect_enable"This 1-bit field shall indicate the presence of a 
content protection mechanism for one or more streams of the program material 
that is delivered out of the presentation device. The purpose of this flag is to 
provide a means to detect fault indication for the user and shall not be used to 
enforce copy protection. The value of this field is set to 'V if the protection for 
at least one stream is enabled. 

XCA_view_flag-The value of this 2-bit field shall be determined by the 
authority that manages protection of the program content prior to conversion to 
XCA protection. This value shall be compared with the value of the 
XCA_view_flag in the XCA_descriptor. in case of a discrepancy, the protected 
XCA_view_flag shall be used to enforce viewing rights within the security 
processor of an XCA Presentation Device. The semantic shall be as follows: 

XCA_viewJlag = '00': XCA content is not restricted. View anywhere, 
any time. XCA_view_flag = 'Or : XCA reserved. XCA__view_flag = '1 0*: XCA 
content is restricted to viewing any time within the local network. 
XCA_view_flag = '1 1': XCA content is restricted to viewing "now" within the 
local network. 

Tlme code~lf the time source Is known and secure, this field contains the 
number of seconds that has transpired since 12 am January 6, 1980 UTC (mod 
2^^). If the time source is not known and secure, this field shall be coded as all 
O's. 

Source_sequence_number"This 32-bit field contains the current value of 
the cryptoperiod counter of the converter module that created the LECM. 

Paddjng_bytes-The number of bytes needed to make the total length of 
the secure part of the LECM 128 bytes (128-65). The padding^bytes are 
randomly chosen. 

Integritycheck-This 32-bit number field contains a value that verifies that 
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the content of the decrypted payload is valid. It is used to ensure the encryption 
and decryption processes are performed properly. 

CRC-32"This 32-bit field contains the CRC value that ensures a zero 
output from the registers in the decoder defined in Annex A of ISO/IEC 13818-1 
5 "MPEG2Systems" after processing the entire LECM section. This value shall be 
calculated after the data have been encrypted. 

Each converter card 35 supports a transformation from CA protected 
content to XCA protected content and has a 32~bit cryptoperiod counter. A 
cryptoperiod is defined as the period during which a stream or a program is 

10 scrambled with one particular key. For each new cryptoperiod, i.e., control word 
change, the converter module shall increment its cryptoperiod counter by 1 . If, 
for example, a program includes three streams with different cryptoperiods, the 
counter is incremented at the beginning of each cryptoperiod for each stream. 
Protected against external access, this counter cannot be reset or decreased. 

15 The initial value of the cryptoperiod counter is 0. 

Once the converter card 35 determines that the access to the content is 
legitimate, it uses the following information to build the LECM: odd and even 
CWs; Copy Control Information (CCI); and Copy Protection (CP) status, e.g., one 
of the three possible states "view freely", "view locally", or "view now". 

20 The transformation from CA protected content to XCA protected content 

includes the following processes: the converter card 35 assigns its XCAJD to 
local^sourcejd; the converter card 35 sets copy_protect_enable to 1 if the 
content is of type "view now", otherwise copy_protect_enable is set to 0; the 
converter card 35 assigns the current value of the cryptoperiod counter to 

25 source_sequence_number; and, the converter card assigns a hash value 
computed on the secure-part of the LECM to integrity_check. 

The hash method is as follows according to an aspect of the present 
invention: 

C[0]= M[0]© M[4]©...®M[4 X (n/4)] 
30 C[1]= MI1ieM[5]®...©M[4x((n-1)/4) -h 1] 

C[2]= M[2]©M[61©...©M[4 x({n-2)/4) + 21 
C[3]= M[3]@M[7]©...©M[4 x({n« 3)/4) -f 3] 
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where, M[i] represents the i^" byte of the message to encrypt, the first byte of 

the sequence has index 0; and, C[i] represents the i'th byte of the integrity^check 
field, the first byte of the field has index 0. 

The secure part of the LECM is encrypted using RSA-1024. The 
5 encryption key is the free viewing public key Kpub free' ^he content is of "free 
viewing" type, otherwise it is the converter card's public key Kpyb i- Finally, the 
converter card calculates CRC_32 after encrypting the secure part of LECM. 

Referring again to Figure 3, therein is illustrated a block diagram of an 
exemplary converter card 35. Converter card 35 includes a CA system 100 and 

10 an XCA system 200. The CA system 100 generally includes: an ISO-7816 link 
device 110 communicable with the host device, e.g. access device 30, via the 
link 37; CA operational Software (SW) 120; ECM and EMM extractors 130, 140; 
and Triple Date Encryption Standard (TDES) device 150. An input 155 for 
receiving CA content from the host is provided and supplied to TDES device 

15 150, and ECM and EMM extractors 130, 140. The TDES device 150 further 
includes an output 160, The XCA system 200 generally includes XCA 
operational software 220 and ECM replacement module 230. The ECM 
replacement module 230 is communicable with the TDES conversion module 
150 via the output 160. The ECM replacement module 230 is further provided 

20 with an output 235 for returning XCA content to the host. 

Terminal card 55 supports a transformation of XCA protected content to 
NRSS content. For this purpose, the terminal card 55 holds a record for each 
converter card 35{i) linked to it. This record contains the following fields: the 
XCAJD of the converter card 35(i); the private key Kpnv j of the converter card 

25 35(i); and, the most recent value of the source_sequence_number SSNj received 
from the converter card 35(i). The transformation of XCA protected content to 
NRSS content includes: if the value of CRC_32 does not match with the value 
computed from LECM, then the terminal card 55 cancels the transformation. If 
the status of the content defined by XCA_view_flag corresponds to "free 

30 viewing" type, then the decryption key is the free viewing private key Kp^v fre^. 
The terminal card 55 decrypts the secure part of LECM using RSA-1024. From 
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the unencrypted local sourcejd, the terminal card 55 identifies the issuing 
converter card 35. If the terminal card 55 does not yet have the corresponding 
private key, i.e., if the terminal card 55 does not have a record whose first field 
is equal to the value of local_sourceJd, then it stops the transformation, and 

5 initiates a request for the private key. Otherwise, the terminal card 55 decrypts 
the secure part of LECM with RSA-1024 using the private key associated with 
the converter card 35 identified by local_sourceJd, If the value of 
XCA_view_flag in the unencrypted part does not match with the value of 
XCA_view_flag in the XCA descriptor, then the terminal card 55 cancels the 

10 transformation. If the content corresponds to the "view now" type, then the 
terminal card 55 ensures that there is no replay using two checks. If a secure 
time source is not available for the host, then the first check is omitted. In the 
first check, the terminal card 55 compares time_code with the host time received 
from the presentation device 50 using an NRSS command. If the difference is 

15 not more than a predetermined amount, e.g. five minutes, then the terminal card 
55 compares SSNi with source_sequence_number. Otherwise, it cancels the 
transformation. In the second check, if SSNi is less than 

source_sequence_number, then the terminal card 55 updates the corresponding 
SSNi, and descrambles the content using the CWs in the LECMs. Otherwise, it 

20 cancels the transformation. If the content does not correspond to the "view 
now" type, then the terminal card 55 descrambles the content using the CWs in 
the LECMs. The terminal card 55 passes the contents of the CCI field to the 
NRSS module 300 for NRSS protection purposes. Finally, the terminal card 55 
informs the NRSS module 300 of each new cryptoperiod occurrence. 

25 In another transformation, XCA protected content is transformed to clear 

content. This transformation is similar to transforming XCA protected content to 
NRSS content, where noteworthy differences are: that the clear content is 
directly passed to the switching unit 62 of a device 60 for example; and, that 
the CCI is directly passed to the host processor. 

30 Referring again to Figure 4, therein is illustrated a block diagram of an 

exemplary terminal card 50. Generally, the terminal card 50 includes a CA 
system 400, and an XCA system 300. The CA system 400 generally includes: 
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an ISO-7816 link device 410 communicable with the host device, e.g. 
presentation device 50, via the link 57; CA operational software (SW) 420; ECM 
and EMM extractors 430, 440; and Triple Date Encryption Standard (TDES) 
descrambling device 450. Input 455 for receiving CA/XCA content from the 
5 host is provided and supplied to TDES device 450, and ECM and EMM extractors 
430, 440. The TDES device 450 further includes an output 460. The XCA 
system 300 generally includes XCA operational software 320; NRSS copy 
protection operational software (SW) 340; and NRSS copy protection (CP) 
module 350. The NRSS copy protection (CP) module 350 is communicable with 
10 the TDES descrambling module 450 via the output 460. The NRSS copy 
protection (CP) module 350 is further provided with an output 435 for returning 
NRSS content to the host. 
S Terminal cards 55 exchange data with the host device 50 to complete 

^ their tasks. This communication can be effected using NRSS EIA-679B 
315 compliant commands, for example. In accordance with the applicable NRSS 
specification, the host monitors the card status periodically to determine what 
i operations need to be performed. 

3 The National Renewable Security Standard (NRSS) provides a means for 

y 

5 renewable security to be employed with digital Consumer Electronics (CE) 

^20 devices such as DTV receivers and digital VCRs. The security functionality is 
thus separated from navigational devices. When an NRSS security device, such 
as terminal card 55, receives protected content from its host device, such as 
presentation device 50, it descrambies it and sends it back to the host device. 
As the content is in-the-ciear before it leaves the security device, it needs to be 

25 protected across the interface. The NRSS standard also defines a framework for 
encryption-based copy protection systems. 

According to the NRSS specification, hosts and terminal cards may be 
manufactured with support for one or more NRSS copy protection systems. 
These systems are identified by unique Copy Protection (CP) system IDs. A 

30 negotiation can be used between a terminal card 55 and its host device 50 to 
determine which systems are implemented. As part of the terminal card 55 
initialization, the host 50 informs the terminal card 55 about the NRSS copy 
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protection systems it supports. If an XCA NRSS copy protection system is 
included in this set, the terminal card 55 sends back the CP system ID with its 
configuration which also includes the CA system ID. Looking at this 
configuration, the host 50 realizes that both XCA and a particular CA system are 
5 supported by the terminal card 55, and subsequently parses the PMT using both 
the XCA system ID and CA system ID, For each new program, the card 55 
obtains service and ECM PIDs from the host. According to an aspect of the 
invention, the XCA CA system ID is stored in host devices supporting the XCA 
copy protection system as it is not a confidential piece of data, and does not 
10 require secure storage. 

By construction, the terminal card 55 processes both CA and XCA 

□ streams coming from various sources including broadcaster head-end and 
m playback devices in the home network. Depending on the content received, the 
% host e.g. presentation device 50, may send either one or two pairs of {Service 
Q 15 PID, ECM PID} to the terminal card 55. Three possibilities may exist: (1) Only 
r one pair is sent; {Service PID, ECM PID} which contains the LECM PID; (2) Only 
d one pair is sent; { Service PID), ECM PID} which contains the CA ECM PID; or, 
3 (3) Two pairs are sent; where one pair contains the LECM, the other the CA ECM 

□ PID. Hence, there is a need to differentiate between CA ECMs and LECMs. 
20 Two exemplary cases are provided. 

Case (a): Where two pairs are provided - The first {Service PID, ECM PID} 
pair is defined to be a predetermined one of the PIDs, e.g. the LECM PID or CA 
ECM PID by convention. 

Case (b): Where only one pair is received - The terminal card detects 
25 LECMs by checking their syntax, such as was discussed in relation with Table 1 . 
According to another aspect of the invention, two fields that may be used for 
this purpose are LECM_type and XCAjdentifier. The former indicates what the 
transport packet carries, while the latter provides a unique identification for the 
XCA LECM. 

30 For example, consider a program with the following service PIDs: (1) 

Video PID: 100, and {2} Audio PID: 101. These two elementary streams are 
protected with the same key. The descrambling keys are carried in ECMs 
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protected by two CA systems (there may be more than two CA systems): (1) 
CA system #1 ECM PID: 180, and (2) CA system #2 ECM PID: 181. Assume 
the ECM for CA system #1 is converted to and replaced by, an LECM with PID 
182. Now, the host device will send two sets of {service PID, ECM PID) pairs to 
5 the card as is characterized by Table 2. 



Table 2 



Service PID 


ECMPID 


100 


182 


101 


182 


100 


181 


101 


181 



The PID 182 will be identified to be the PID for LECMs where the first of the 
pairs was set to be the LECM PIC by convention. 
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Claims 

1. A method for an audio/video processing device to enable a 
security device to access a service, the method comprising: 
5 extracting service and entitlement control message packet 

identifier pairs from data associated with said service and automatically 
identifying one of the extracted pairs according to a predefined 
convention, 

wherein each of the received pairs Includes either a conditional 
10 access entitlement control message identifier (CA ECM) or a local 
u entitlement control message identifier (LECM). 

3 2. The method according to claim 1, wherein the predefined 
;3 convention is dependent upon an order In which the pairs are sent to 
15 the security device. 

3 3. The method of Claim 1, wherein each of the received pairs Is 
Jl either associated with a conditional access (CA) system or extended 
' y conditional access (XCA) system. 

20 

4. A method for an audio/video processing device to enable a 
security device to access a service, the method comprising: 

extracting the service and entitlement control message packet 
identifier pairs from data associated with said service; and, 
25 If only one service and entitlement control message packet 

Identifier pair Is extracted, Identifying the extracted pair; and, 

if more than one service and entitlement control message packet 
identifier pair are extracted, automatically Identifying at least one of 
the extracted pairs according to a predefined convention, 
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Wherein each of the received pairs includes either a conditional 
access entitlement control message identifier (CA ECM) or a local 
entitlement control message Identifier (LECM). 

5 5. The method of Claim 4, wherein the predefined convention is 
dependent upon an order in which the pairs are extracted. 

6. Canceled. 

,u 10 7. The method of Claim 4, wherein each of the received pairs further 
S includes a service identifier. 

: f% 
"^'■ss 

;5 8. The method of Claim 4, wherein the predefined convention 

defines a first of the pairs to be received to Include the service 
C3 15 Identifier and local entitlement control message identifier. 

S 9. The method of Claim 4, wherein at least a portion of the data Is 
secured using one of a plurality of conditional access systems. 

20 10. The method of Claim 9, wherein at least one of the conditional 
access systems is associated with a broadcaster of the program and at 
least a second of the conditional access systems is associated with an 
access device, communicable with the presentation device. 

25 11 . The method of Claim 10, wherein the presentation device is a 
digital television, and the access device is a set-top box In combination 
with a second security device. 
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12. The method of Claim 4, further comprising: 

the security device communicating interface protection related 
information and conditional access related Information to the 
audio/video processing device; and, 

the audio/video processing device parsing a program map table 
using the communicated conditional access information and stored 
conditional access Information; 

wherein the program map table associates packet Identifiers with 
corresponding service information. 

13. The method of Claim 12, wherein the security device uses packet 
Identifiers to Identify which of the packets contains entitlement control 
message data suitable for descrambling the data Indicative of the 
program. 

14. The method of Claim 13, wherein at least some of said entitlement 
control messages are local entitlement control messages which Include 
at least a field for Identifying and LECM and a field for conditional access 
Identification, and said proper processing comprises descrambling said 
service by accessing an appropriate key in said data using information 
included In at least one of said field for Identifying and lecivi and said 
field for conditional access identification. 

15. The method according to claim 9, wherein at least one portion of 
the data Is Indicative of at least one program. 

16. The method according to claim 4, wherein the data Is 
communicated via a digital transmission system. 
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17. A method for identifying iocai entitlement control messages from 
broadcast entitlement control messages comprising the step of: 
extracting service and entitlement control message packet 
identifier pairs from data associated with a service; and, 
5 if only one service and entitlement control message packet 

identifier pair is extracted, identifying the extracted pair as either 
a local entitlement control message or a broadcast entitlement 
control message; and, 

If more than one service and entitlement control message 
10 packet identifier pair are extracted, automatically Identifying at 

least one of the extracted pairs as a local entitlement control 
message. 



18. A method for Identifying local entitlement control messages from 
15 broadcast entitlement control messages comprising the step of: 

extracting service and entitlement control message packet 
Identifier pairs from data associated with a service; and. 

If only one service and entitlement control message packet 
identifier pair Is extracted, identifying the extracted pair as either 
20 a local entitlement control message or a broadcast entitlement 

control message; and, 

if more than one service and entitlement control message 
packet Identifier pair are extracted, automatically identifying at 
least one of the extracted pairs as a broadcast entitlement control 
25 message. 
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Name of Additional Joint Inventor, if any: 


□ A petition has been filed for this unsigned inventor 


Given Name (first and middle [if any]) 


Family Name or Sumame 


JEAN-LOUIS 


DIASCORN 






Residence: City Carmel ^|\/ 


IN 

State 


US 

Country 


FR 

Citizenship 


Mailing Address 


Mailing Address 13798 Forum Meadows Drive 


City Carmel 


Indiana 

State 


46033 

ZIP 


US 

Country 


Name of Additional Joint Inventor, if any: 


□ A petition has been filed for this unsigned inventor 


GiveoJilaaie (first and middle fif anvl) 


Family Name or Sumame 


DAVID JAY ] /\ 




Btn^fiEid? 


InvAntnr's / / 

Signature \ / f 






Date ^//tB^^'^ 


Residence: City Y ^ Indianapolis 11 ^^^^^ ^ IN 


US 

Country 


Citizenship 


Mailing Address ^i-ZU 


Mailing Address 5459 Fall Creek Road 


City Indianapolis 


State '"^'^"^ 


46220 

Zip 


^ * US 
Country 


Name of Additional Joint inventor, if any: 


□ A petition has been filed for this unsigned inventor 


Given Name (first and midd 


le nf any]) 


Family Name or Sumame 






Inventor's 
Signature 


Date 


Residence: City 


State 


Country 


Citizenship 


Mailing Address 


Mallinq Address 


City 


state Zip 


Country 



y 



Burden Hour Statement: This form is estimated to take 21 minutes to complete. Time will vary depending upon the needs of the Individual case. Any 
comments on the amount of time you are required to complete this form should be sent to the Chief information Officer, U.S. Patent and Trademark 
Office, Washington, DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Assistant Commissioner for Patents, 
Washington, DC 20231. 



Please type a plus sign (+) Inside this box > [+1 PTO/SB/01 (1(M)0) 

Approved for use through 10/31/2002. OMB 0651-0032 
U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE 
Under the Papenvork Reduction Act of 1995, no persons are required to respond to a collection of infonmation unless It contains a valid OMB control number. 
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Attorney Docket Number 


RCA 89858 ^ 


DECLARATION FOR UTILITY OR 
DESIGN 


First Named Inventor 


Ahmet Mursit Eskicioglu 
etal 


PATENT APPLICATION 


COMPLETE IF KNOWN 




Application Number 


/ 


□Declaration □Declaration 

Submitted OR Submitted after Initial 
With Initial Filing (surcharge 
Filing (37 CFR 1.16 (e)) 
required) 


Filing Date 




Group Art Unit 




Examiner Name 


J 



As a below named inventor, i hereby declare that: 

My residence, post office address, and citizenship are as stated below next to my name. 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names 
are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled: 



METHOD AND SYSTEM FOR HANDLING TWO OA SYSTEMS IN A SAME 
RECEIVER 



the specification of which 
□ is attached hereto 

OR 

El was filed on (MM/DDA'YYY) 



(Tftie of the invention) 



October 6, 2000 



PCT/USOO/27685 | and was amended on (MM/DD/YYYY) [ 



as United States Application Number or POT International 

10/23/01 I (if applicable). 



Application Number 

1 hereby state that I have reviewed and understand the contents of the above identified specification, including the claims as amended 
specifically referred to above. 

I acknowledge the duty to disclose information which is material to patentability as defined in 37 CFR 1.56, Including for continuation-in-part 
applications, material infomiation which became available between the filing date of the prior application and the national or PCT 
international filing date of the continuation-in-part application. 



I hereby claim foreign priority benefits under 35 U.S.C. 119(a)-(d) or 365(b) of any foreign application(s) for patent or inventor's certificate, 
or 365(a) of any PCT international application which designated at least one country other than the United States of America, listed below 
and have also identified below, by checking the box, any foreign application for patent or inventor's certificate, or of any PCT intennational 
application having a filing date before that of the application on which priority is claimed. 



Prior Foreign Application 
Number(s) 



Country 



Foreign Filing Date 
(MM/DD/YYYY) Country 



Priority 
Not Claimed 



Certified Copy Attached? 
YES NO 



□ 
□ 
□ 

□ 



□ 
□ 

□ 
□ 



a 
□ 
□ 
□ 



n Additional forelqn application numbers are listed on a supplemental priority data sheet PTO/SB/02B attached hereto: 


1 herebv claim the benefit under 35 U.S.C. 1 19(e) of any United States provisional ap; 


)licatlon(s) listed below. 


AppilcationNumber(s) 


Filing Date (MM/DD/YYYY) 


□ Additional provisional application 
numbers are listed on 
a supplemental priority data sheet 
PTO/SB/02B attached hereto. 


US 60/157,968 


October 6. 1999 
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Burden Hour Statement: This form is estimated to take 21 minutes to complete. Time will vary depending upon the needs of the individual 
case. Any comments on the amount of time you are required to complete this fomri should be sent to the Chief Information Officer, U.S. 
Patent and Trademari< Office. Washington. DC 20231. DO NOT SEND FEES OR COMPl^TED FORMS TO THIS ADDRESS. SEND TO: 
Assistant Commissioner for Patents, Washington, DC 20231 . 



Please type a plus sign (+) inside this box 



PTO/SB/01 (10-00) 
Approved for use through 10/31/2002. 0MB 0651-0032 



U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE 
Under the Papenwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it contains a valid OMB control number. 



DECLARATION FOR UTILITY OR 
DESIGN 
PATENT APPLICATION 
(37 CFR1.63) 



□Declaration 
Submitted 
With Initial 
Filing 



□Declaration 
OR Submitted after Initial 
Filing (surcharge 
(37 CFR 1.16(e)) 
required) 



Attorney Docket Number 



First Named Inventor 



RCA 89858 



Ahmet Mursit Eskicloglu 
etal 



COMPLETE IF KNOWN 



Application Number 



Filing Date 



Group Art Unit 



Examiner Name 



/ 



As a below named Inventor, I hereby declare that: 

My residence, post office address, and citizenship are as stated below next to my name. 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names 
are liste d below) of the subject matter which Is claimed and for which a patent is sought on the Invention entitled: 



METHOD AND SYSTEM FOR HANDLING TWO CA SYSTEMS IN A SAME 
RECEIVER 



the specification of which 
□ is attached hereto 
OR 

El was filed on (MM/DDATYY) 



(Title of the tnvention) 



October 6, 2000 



as United States Application Number or PCT International 
Application Number 1 PCT/USOO/27685 j and was amended on (MM/DDAnTYY) I 10/23/01 | (if applicable). 

I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims as amended 

specifically referred to above. 

I acknowledge the duty to disclose information which is material to patentability as defined in 37 CFR 1 .56, including for continuation-in-part 
applications, material infonnation which became available between the filing date of the prior application and the national or PCT 
international filing date of the continuation-in-part application. 



I hereby claim foreign priority benefits under 35 U.S.C. 1 19(a)-(d) or 365(b) of any foreign application(s) for patent or inventor's certificate, 
or 365(a) of any PCT International application which designated at least one country other than the United States of America, listed below 
and have also identified below, by checking the box, any foreign application for patent or inventor's certificate, or of any PCT International 
application having a filing date before that of the application on which priority is claimed 



Prior Foreign Application 
Number{s) 



^Country 



Foreign Filing Date 
(MM/DD/YYYY) Country 



Priority 
Not Claimed 



□ 
□ 
□ 
□ 



Certified Copy Attached? 
YES NO 



□ 
□ 
□ 
□ 



□ 
□ 
□ 
□ 



□ Additional foreign application numbers are listed on a supplemental priority data sheet PTO/SB/02B attached hereto: 
I hereby claim the benefit under 35 U.S.C. 1ig(e) of any United States provisional application(s) listed below. 



ApplicationNuniber(s) 



US 60/157.968 



Filing Date (MM/DD/YYYY) 



October 6, 1999 



□ Additional provisional application 
numbers are listed on 
a supplemental priority data sheet 
PTO/SB/02B attached hereto. 
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Burden Hour Statement: This fonn is estimated to take 21 minutes to complete. Time will vary depending upon the needs of the Individual 
case Any comments on the amount of time you are required to complete this form should be sent to the Chief Information Officer, U.S. 
Patent and Trademarit Office, Washington. DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: 
Assistant Commissioner for Patents, Washington, DC 20231. 
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DECLARATION 



ADDITIONAL INVENTOR(S) 
Supplemental Sheet 
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Name of Additional Joint Inventor, if any: 


n A petition has been filed for this unsigned inventor 


Given Name (first and midd 


e nf anvl) 


Family Name or Sumame 


IPANJ ntiiK 


DIASCORN 


Inventor's , ^ 
Signature 


Date 


Residence: City ^armel 


IN 

State 


US ' 

Country 


FR 

Citizenship 


Mailing Address / 


Mailing Address ^3798 Forum Meadovifs Drive 


City Carmei 


Indlana^^ 

State 


46033 

ZIP 


US 

Country 


Name of Additional Joint inventor, if any: 


□ A petition has been filed for this unsigned inventor 


Given Name (first and middle [if any]) 


Family Name or Sumame 


nAyin.iAY /* 


DUFFIELD 


Inventor's ^ ^ 
Signature / 


Date 


Residence: City Indianaf^is 


Stat. 


US 

Country 


Citizenship 


Mailing Address 


Mailing Address /5459 Fall Creels Road 


City Indianapolis 


State 




US 

Country 


Name of Ad^onal Joint Inventor, If any: 


□ A petition has been filed for this unsigned inventor 


Given Name (first and midd 


He nf anvl) 


Family Name or Sumame 






Inventor's 
Signature 


Date 


Residence: Citv 


State 


Country 


Citizenship 


Mailing Address — 


Mailina Address — ~ 


City 


State Zip Country 



comments on the amount of time you are required to complete this fbnn should be sent to the Chief Information Officer, U.S. Patent and Trademarlc 
Office. Washington, DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Assistant Commissioner for Patents. 
Washington. DC 20231. 



